[arch-security] Openssl flaw
G. Schlisio
g.schlisio at dukun.de
Tue Apr 8 09:53:32 EDT 2014
> I agree with Allan here :
>
>> I added this column in the wiki for tracking the responsiveness of
>> the packagers to handling security issues to see where we can
>> improve.
>
> What matters for us to track is the time it takes for us to notice and
> for Arch packagers to fix the issue once it has been disclosed.
as a measure of arch linux' responsiveness i propose a title like "time
known" or similar. i understand that this is an important thing to keep
track of and fully support keeping this information.
still, as an admin, i feel the importance of this "time vulnerable" (in
the sense i explained bevore.
> Finding how long a specific vulnerability has been available and
> exploitable is a generic information not related to Arch Linux.
>
> I'm not against adding it to the wiki as a separated column.
>
> By the way, there is another minor issue, the Update/Bug column has a
> double usage, maybe we should split this one in two.
any reason against splitting? for now we still have some space to the
sides (at least at my setup).
thanks for considering.
More information about the arch-security
mailing list